Changeset 53341 in webkit for trunk/JavaScriptCore
- Timestamp:
- Jan 15, 2010, 12:48:52 PM (15 years ago)
- Location:
- trunk/JavaScriptCore
- Files:
-
- 4 edited
trunk/JavaScriptCore/ChangeLog
r53323 r53341 1 2010-01-14 Geoffrey Garen <[email protected]> 2 3 Reviewed by Oliver Hunt. 4 5 REGRESISON: Google maps buttons not working properly 6 https://bugs.webkit.org/show_bug.cgi?id=31871 7 8 REGRESSION(r52948): JavaScript exceptions thrown on Google Maps when 9 getting directions for a second time 10 https://bugs.webkit.org/show_bug.cgi?id=33446 11 12 SunSpider and v8 report no change. 13 14 * interpreter/Interpreter.cpp: 15 (JSC::Interpreter::tryCacheGetByID): Update our cached offset in case 16 flattening the dictionary changed any of its offsets. 17 18 * jit/JITStubs.cpp: 19 (JSC::JITThunks::tryCacheGetByID): 20 (JSC::DEFINE_STUB_FUNCTION): 21 * runtime/Operations.h: 22 (JSC::normalizePrototypeChain): ditto 23 1 24 2010-01-14 Gavin Barraclough <[email protected]> 2 25 -
trunk/JavaScriptCore/interpreter/Interpreter.cpp
r52231 r53341 1045 1045 1046 1046 JSObject* baseObject = asObject(slot.slotBase()); 1047 size_t offset = slot.cachedOffset(); 1047 1048 1048 1049 // Since we're accessing a prototype in a loop, it's a good bet that it 1049 1050 // should not be treated as a dictionary. 1050 if (baseObject->structure()->isDictionary()) 1051 if (baseObject->structure()->isDictionary()) { 1051 1052 baseObject->flattenDictionaryObject(); 1053 offset = baseObject->structure()->get(propertyName); 1054 } 1052 1055 1053 1056 ASSERT(!baseObject->structure()->isUncacheableDictionary()); … … 1055 1058 vPC[0] = getOpcode(op_get_by_id_proto); 1056 1059 vPC[5] = baseObject->structure(); 1057 vPC[6] = slot.cachedOffset();1060 vPC[6] = offset; 1058 1061 1059 1062 codeBlock->refStructures(vPC); … … 1061 1064 } 1062 1065 1063 size_t count = normalizePrototypeChain(callFrame, baseValue, slot.slotBase()); 1066 size_t offset = slot.cachedOffset(); 1067 size_t count = normalizePrototypeChain(callFrame, baseValue, slot.slotBase(), propertyName, offset); 1064 1068 if (!count) { 1065 1069 vPC[0] = getOpcode(op_get_by_id_generic); … … 1071 1075 vPC[5] = structure->prototypeChain(callFrame); 1072 1076 vPC[6] = count; 1073 vPC[7] = slot.cachedOffset();1077 vPC[7] = offset; 1074 1078 codeBlock->refStructures(vPC); 1075 1079 } -
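Review bot: The offset re-read after flattening, `offset = baseObject->structure()->get(propertyName);`, is stored into `vPC[6]` with no check that the lookup succeeded. As far as I know, Structure::get() reports an absent property with `WTF::notFound`, and the cached get_by_id_proto would then index property storage with that value. The property was just resolved on this object, so the lookup should succeed, but the invariant is worth stating with `ASSERT(offset != WTF::notFound);` directly after the assignment. The same unchecked re-lookup appears at both flatten sites in JITStubs.cpp and in normalizePrototypeChain in Operations.h. tryCacheGetByID starts and ends outside the hunks shown, so the earlier cacheability checks on `slot` are assumed rather than visible.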
trunk/JavaScriptCore/jit/JITStubs.cpp
r53151 r53341 890 890 891 891 JSObject* slotBaseObject = asObject(slot.slotBase()); 892 892 size_t offset = slot.cachedOffset(); 893 893 894 // Since we're accessing a prototype in a loop, it's a good bet that it 894 895 // should not be treated as a dictionary. 895 if (slotBaseObject->structure()->isDictionary()) 896 if (slotBaseObject->structure()->isDictionary()) { 896 897 slotBaseObject->flattenDictionaryObject(); 898 offset = slotBaseObject->structure()->get(propertyName); 899 } 897 900 898 901 stubInfo->initGetByIdProto(structure, slotBaseObject->structure()); … … 900 903 ASSERT(!structure->isDictionary()); 901 904 ASSERT(!slotBaseObject->structure()->isDictionary()); 902 JIT::compileGetByIdProto(callFrame->scopeChain()->globalData, callFrame, codeBlock, stubInfo, structure, slotBaseObject->structure(), slot.cachedOffset(), returnAddress);905 JIT::compileGetByIdProto(callFrame->scopeChain()->globalData, callFrame, codeBlock, stubInfo, structure, slotBaseObject->structure(), offset, returnAddress); 903 906 return; 904 907 } 905 908 906 size_t count = normalizePrototypeChain(callFrame, baseValue, slot.slotBase()); 909 size_t offset = slot.cachedOffset(); 910 size_t count = normalizePrototypeChain(callFrame, baseValue, slot.slotBase(), propertyName, offset); 907 911 if (!count) { 908 912 stubInfo->accessType = access_get_by_id_generic; … … 912 916 StructureChain* prototypeChain = structure->prototypeChain(callFrame); 913 917 stubInfo->initGetByIdChain(structure, prototypeChain); 914 JIT::compileGetByIdChain(callFrame->scopeChain()->globalData, callFrame, codeBlock, stubInfo, structure, prototypeChain, count, slot.cachedOffset(), returnAddress);918 JIT::compileGetByIdChain(callFrame->scopeChain()->globalData, callFrame, codeBlock, stubInfo, structure, prototypeChain, count, offset, returnAddress); 915 919 } 916 920 … … 1437 1441 1438 1442 CallFrame* callFrame = stackFrame.callFrame; 1443 const Identifier& propertyName = stackFrame.args[1].identifier(); 1439 1444 
1440 1445 JSValue baseValue = stackFrame.args[0].jsValue(); 1441 1446 PropertySlot slot(baseValue); 1442 JSValue result = baseValue.get(callFrame, stackFrame.args[1].identifier(), slot);1447 JSValue result = baseValue.get(callFrame, propertyName, slot); 1443 1448 1444 1449 CHECK_FOR_EXCEPTION(); … … 1455 1460 ASSERT(slot.slotBase().isObject()); 1456 1461 JSObject* slotBaseObject = asObject(slot.slotBase()); 1462 1463 size_t offset = slot.cachedOffset(); 1457 1464 1458 1465 if (slot.slotBase() == baseValue) … … 1462 1469 // Since we're accessing a prototype in a loop, it's a good bet that it 1463 1470 // should not be treated as a dictionary. 1464 if (slotBaseObject->structure()->isDictionary()) 1471 if (slotBaseObject->structure()->isDictionary()) { 1465 1472 slotBaseObject->flattenDictionaryObject(); 1473 offset = slotBaseObject->structure()->get(propertyName); 1474 } 1466 1475 1467 1476 int listIndex; 1468 1477 PolymorphicAccessStructureList* prototypeStructureList = getPolymorphicAccessStructureListSlot(stubInfo, listIndex); 1469 1478 1470 JIT::compileGetByIdProtoList(callFrame->scopeChain()->globalData, callFrame, codeBlock, stubInfo, prototypeStructureList, listIndex, structure, slotBaseObject->structure(), slot.cachedOffset());1479 JIT::compileGetByIdProtoList(callFrame->scopeChain()->globalData, callFrame, codeBlock, stubInfo, prototypeStructureList, listIndex, structure, slotBaseObject->structure(), offset); 1471 1480 1472 1481 if (listIndex == (POLYMORPHIC_LIST_CACHE_SIZE - 1)) 1473 1482 ctiPatchCallByReturnAddress(codeBlock, STUB_RETURN_ADDRESS, FunctionPtr(cti_op_get_by_id_proto_list_full)); 1474 } else if (size_t count = normalizePrototypeChain(callFrame, baseValue, slot.slotBase() )) {1483 } else if (size_t count = normalizePrototypeChain(callFrame, baseValue, slot.slotBase(), propertyName, offset)) { 1475 1484 ASSERT(!asCell(baseValue)->structure()->isDictionary()); 1476 1485 int listIndex; … … 1478 1487 1479 1488 StructureChain* protoChain = 
structure->prototypeChain(callFrame); 1480 JIT::compileGetByIdChainList(callFrame->scopeChain()->globalData, callFrame, codeBlock, stubInfo, prototypeStructureList, listIndex, structure, protoChain, count, slot.cachedOffset());1489 JIT::compileGetByIdChainList(callFrame->scopeChain()->globalData, callFrame, codeBlock, stubInfo, prototypeStructureList, listIndex, structure, protoChain, count, offset); 1481 1490 1482 1491 if (listIndex == (POLYMORPHIC_LIST_CACHE_SIZE - 1)) -
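Review bot: The flatten-then-relookup sequence is written out by hand at both sites in this file (JITThunks::tryCacheGetByID and the proto-list stub), and again in Interpreter.cpp and Operations.h. Each site must also remember to pass `offset` rather than `slot.cachedOffset()` to the compile call afterwards. The regression being fixed is a site that flattened and then kept the pre-flatten offset, so a single inline helper that flattens and returns the fresh offset would make a stale offset harder to reintroduce. That could read `size_t offset = flattenAndGetOffset(slotBaseObject, propertyName, slot.cachedOffset());`, where the helper is new and its name only a suggestion. Both functions extend beyond the hunks shown.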
trunk/JavaScriptCore/runtime/Operations.h
r52182 r53341 340 340 } 341 341 342 inline size_t normalizePrototypeChain(CallFrame* callFrame, JSValue base, JSValue slotBase )342 inline size_t normalizePrototypeChain(CallFrame* callFrame, JSValue base, JSValue slotBase, const Identifier& propertyName, size_t& slotOffset) 343 343 { 344 344 JSCell* cell = asCell(base); … … 358 358 // Since we're accessing a prototype in a loop, it's a good bet that it 359 359 // should not be treated as a dictionary. 360 if (cell->structure()->isDictionary()) 360 if (cell->structure()->isDictionary()) { 361 361 asObject(cell)->flattenDictionaryObject(); 362 if (slotBase == cell) 363 slotOffset = cell->structure()->get(propertyName); 364 } 362 365 363 366 ++count;
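Review bot: The new `size_t& slotOffset` parameter is an in/out value whose contract is not written down in the hunk: it is rewritten only when the cell being flattened is `slotBase` and is left untouched otherwise. A comment above the signature would spell this out for callers, for example `// slotOffset: in/out. Pass slot.cachedOffset(); updated if flattening slotBase's dictionary moves the property.` The function body begins and ends outside the visible hunks, so it cannot be confirmed from here that every return path leaves `slotOffset` consistent with the structure that ends up cached.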